Josh Grossman

Results 935 comments of Josh Grossman

I am going to leave this as open but not blocking for 5.0

@elarlang it is currently marked as a non-blocker so happy to leave it open for now

Following a lot of discussion, our approach is to create fewer and more abstract requirements with references to other resources such as the cheatsheets.

I am wondering how critical CWE is to us? There are obviously problems with them and in some ways I worry that they are a little misleading and if people...

Happy to remove CWE unless there is strong desire for it

Just noting that we should replace CWE with CRE mappings https://www.opencre.org/

Further to this, the challenge with maintaining a mapping on the face of the standard is that updating the mapping requires a new standard release. Our proposal is for the...

> v5.0.be to CWE mapping is exported into https://github.com/OWASP/ASVS/blob/master/5.0/mappings/v5.0.be_cwe_mapping.json and if needed, will be updated after renumbering and release to v5.0 numbers.

haha I came here to write that :)

12.2.1 | [MODIFIED] Verify that when the application accepts a file, either on its own or within an archive such as a zip file, it checks if the file extension...